<?php

require_once '../include/common.inc.php';

if (!checkAdmin()) {
    header("LOCATION:index.php");
    exit;
}

$menu_index = 5;
$page_title = 'JANSEN';
$guide_message = 'My Account | Update Profile';
$alert_message = '';
$email = '';

getMyParam('action');
getMyParam('email');
getMyParam('old_pwd');
getMyParam('new_pwd');
getMyParam('retype_pwd');

if ($action == "update") {
    if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/i", $email)) {
        $alert_message = "Invalid Email.Update failed";
    } elseif (trim($old_pwd) == "" || trim($new_pwd) == "" || trim($retype_pwd) == "") {
        $alert_message = "Please enter password.Update failed";
    } elseif (strlen($new_pwd) > 32) {
        $alert_message = "Your password must be no more than 32 characters.Update failed";
    } elseif ($new_pwd != $retype_pwd) {
        $alert_message = "The passwords you entered did not match.Update failed";
    } else {
        $sql = "SELECT `password` FROM user WHERE username='$admin_name' AND type = 10";
        $rs = $db->get_one($sql);
        if (md5($old_pwd) != $rs['password']) {
            $alert_message = "The current password you supplied does not match that stored in the database.Update failed";
        } else {
            $set_pwd = md5($new_pwd);
            $sql = "UPDATE `user` SET `email` = '$email', `password` = '$set_pwd' WHERE username='$admin_name' AND type = 10";
            $db->query($sql);
            Cookie('AdminUser','',0);
            echo "<script>alert('Update Succeed,please login again.');location.href='index.php';</script>";                
            exit;
        }
    }
} else {
    $sql = "SELECT * FROM user WHERE username='$admin_name' AND type = 10";
    $out_ary = $db->get_one($sql);
    $email = $out_ary['email'];
}

$debug = 1;
debuginfo();

include_once(JANSEN_ROOT . 'admin/menu_list.php');
require_once PrintEot('a_header');
require_once PrintEot('a_myaccount');
require_once PrintEot('a_footer');

?>